The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.

MetadataProviderHTTPAttributes

Owned by trscavo@ncsa.illinois.edu
Last updated: May 22, 2018
3 min read

The following attributes are common to all HTTP metadata providers (i.e., DynamicHTTPMetadataProvider and FileBackedHTTPMetadataProvider).

An HTTP metadata provider includes a default implementation of the org.apache.http.client.HttpClient interface. The attributes in the following subsections control the behavior of the default HTTP client. To override the default client implementation, configure the following attribute:

NameTypeDefaultDescription
httpClientRefBean ID

A reference to an externally defined Spring bean that specifies an org.apache.http.client.HttpClient object. This attribute conflicts with and overrides all of the HTTP attributes. See the HttpClientConfiguration topic for more information.

Use of the httpClientRef attribute precludes the use of any and all of the HTTP attributes in the following subsections.

HTTP Connection Attributes

The following attributes apply to the HTTP connections obtained and managed by an HTTP metadata provider:

NameTypeDefaultDescription
connectionRequestTimeout 3.3DurationDepends on the provider typeThe maximum amount of time to wait for a connection to be returned from the HTTP client's connection pool manager. Set to PT0S to disable. This attribute is incompatible with httpClientRef.
connectionTimeout 3.3DurationDepends on the provider typeThe maximum amount of time to wait to establish a connection with the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef.
requestTimeout             
DurationDepends on the provider type

DEPRECATED: Use connectionTimeout instead.

socketTimeout 3.3DurationDepends on the provider typeThe maximum amount of time to wait between two consecutive packets while reading from the socket connected to the remote server. Set to PT0S to disable. This attribute is incompatible with httpClientRef.

HTTP Security Attributes

The following security-related attributes apply to any HTTP metadata provider:

NameTypeDefaultDescription
disregardTLSCertificate           
Booleanfalse

If true, no TLS certificate checking will take place over an HTTPS connection. This attribute is incompatible with httpClientRef. (Be careful with this setting, it is typically only used during testing. See the HttpClientConfiguration topic for more information.)

disregardSslCertificateBooleanfalseDEPRECATED: Use disregardTLSCertificate instead.
basicAuthUserString

DEPRECATED: Use httpClientSecurityParametersRef instead.

basicAuthPasswordString

DEPRECATED: Use httpClientSecurityParametersRef instead.

tlsTrustEngineRef 3.1Bean ID

DEPRECATED: Use httpClientSecurityParametersRef instead.

httpClientSecurityParametersRef 3.3Bean ID
A reference to an externally defined Spring bean that specifies an org.opensaml.security.httpclient.HttpClientSecurityParameters instance, which consolidates all HTTP security parameters including advanced TLS usage. This attribute conflicts with and overrides any explicit TrustEngine implementation configured as an inline <TLSTrustEngine> element. See the HttpClientConfiguration topic for more information.

HTTP Proxy Attributes

The following attributes configure an HTTP proxy for use with an HTTP metadata provider:

NameTypeDefaultDescription
proxyHostString

The hostname of the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef.

proxyPortString

The port of the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef.

proxyUserString

The username used with the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef.

proxyPasswordString

The password used with the HTTP proxy through which connections will be made. This attribute is incompatible with httpClientRef.

HTTP Caching Attributes

The following attributes configure an HTTP cache on an HTTP metadata provider:

NameTypeDefaultDescription
httpCaching"none", "file", or "memory"Depends on the provider type

The type of low-level HTTP caching to perform. There are three choices:

  • “none” indicates the HTTP response is not cached by the client library

  • "file” indicates the HTTP response is written to disk (but will not survive a restart)

  • "memory" indicates the HTTP response is stored in memory

This attribute is incompatible with httpClientRef and its value may not be specified as a bean property.

Some metadata providers, most notably the reloading "batch-oriented" providers, implement HTTP caching at a higher layer and tend to work best with httpCaching="none".

httpCacheDirectoryString

If httpCaching="file", this attribute specifies where retrieved files are to be cached. This attribute is incompatible with httpClientRef.

httpMaxCacheEntriesInteger

"memory": 50

"file": 100

The maximum number of responses written to cache. This attribute is incompatible with httpClientRef.

httpMaxCacheEntrySize             
Integer

"memory": 1048576 (1MB)

"file":  10485760 (10MB)

The maximum response body size that may be cached, in bytes. This attribute is incompatible with httpClientRef.